Important Info — Cisco 642-825 new study guide are designed to help you pass the exam in a short time.Everything you need can be found in the new version Cisco 642-825 exam dumps.Visit Flydumps.com to get more valid information.

Exam A QUESTION 1

Refer to the exhibit. MPLS must be enabled on all routers in the MPLS domain that consists of Cisco routers and equipment of other vendors. What MPLS distribution protocol(s) should be used on router R2 FastEthernet interface Fa0/0 so that the Label Information Base (LIB) table is populated across the MPLS domain?
A. Only LDP should be enabled on Fa0/0 interface.
B. Only TDP should be enabled on Fa0/0 interface.
C. Both distribution protocols LDP and TDP should be enabled on the Fa0/0 interface.
D. MPLS cannot be enabled in a domain consisting of Cisco and non-Cisco devices.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 2

Which two statements about common network attacks are true? (Choose two.)
A. Access attacks can consist of password attacks, trust exploitation, port redirection, and man-in-the-middle attacks.
B. Access attacks can consist of password attacks, ping sweeps, port scans, and man-in-the-middle attacks.
C. Access attacks can consist of packet sniffers, ping sweeps, port scans, and man-in-the-middle attacks.
D. Reconnaissance attacks can consist of password attacks, trust exploitation, port redirection and Internet information queries.
E. Reconnaissance attacks can consist of packet sniffers, port scans, ping sweeps, and Internet information queries.
F. Reconnaissance attacks can consist of ping sweeps, port scans, man-in-middle attacks and Internet information queries.
Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 3
Which two statements about worms, viruses, or Trojan horses are true? (Choose two.)
A. A Trojan horse has three components: an enabling vulnerability, a propagation mechanism, and a payload.
B. A Trojan horse virus propagates itself by infecting other programs on the same computer.
C. A virus cannot spread to a new computer without human assistance.
D. A virus has three components: an enabling vulnerability, a propagation mechanism, and a payload.
E. A worm can spread itself automatically from one computer to the next over an unprotected network.
F. A worm is a program that appears desirable but actually contains something harmful.
Correct Answer: CE Section: (none) Explanation
QUESTION 4
Which two statements about management protocols are true? (Choose two.)
A. Syslog version 2 or above should be used because it provides encryption of the syslog messages.
B. NTP version 3 or above should be used because these versions support a cryptographic authentication mechanism between peers.
C. SNMP version 3 is recommended since it provides authentication and encryption services for management packets.
D. SSH, SSL and Telnet are recommended protocols to remotely manage infrastructure devices.
E. TFTP authentication (username and password) is sent in an encrypted format, and no additional encryption is required.
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which two statements about the Cisco AutoSecure feature are true? (Choose two.)
A. All passwords entered during the AutoSecure configuration must be a minimum of 8 characters in length.
B. Cisco123 would be a valid password for both the enable password and the enable secret commands.
C. The auto secure command can be used to secure the router login as well as the NTP and SSH protocols.
D. For an interactive full session of AutoSecure, the auto secure login command should be used.
E. If the SSH server was configured, the 1024 bit RSA keys are generated after the auto secure command is enabled.

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Which three statements are correct about MPLS-based VPNs? (Choose three.)
A. Route Targets (RTs) are attributes attached to a VPNv4 BGP route to indicate its VPN membership.
B. Scalability becomes challenging for a very large, fully meshed deployment.
C. Authentication is done using a digital certificate or pre-shared key.
D. A VPN client is required for client-initiated deployments.
E. A VPN client is not required for users to interact with the network.
F. An MPLS-based VPN is highly scalable because no site-to-site peering is required.
Correct Answer: AEF Section: (none) Explanation
QUESTION 7
Which two statements are true about broadband cable (HFC) systems? (Choose two.)
A. Cable modems only operate at Layer 1 of the OSI model.
B. Cable modems operate at Layers 1 and 2 of the OSI model.
C. Cable modems operate at Layers 1, 2, and 3 of the OSI model.
D. A function of the cable modem termination system (CMTS) is to convert the modulated signal from the cable modem into a digital signal.
E. A function of the cable modem termination system is to convert the digital data stream from the end user host into a modulated RF signal for transmission onto the cable system.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Which form of DSL technology is typically used as a replacement for T1 lines?
A. VDSL
B. HDSL
C. ADSL
D. SDSL
E. G.SHDSL
F. IDSL
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 9

Refer to the exhibit. Which two statements about the AAA configuration are true? (Choose two.)
A. A good security practice is to have the none parameter configured as the final method used to ensure that no other authentication method will be used.
B. If a TACACS+ server is not available, then a user connecting via the console port would not be able to gain access since no other authentication method has been defined.
C. If a TACACS+ server is not available, then the user Bob could be able to enter privileged mode as long as the proper enable password is entered.
D. The aaa new-model command forces the router to override every other authentication method previously configured for the router lines.
E. To increase security, group radius should be used instead of group tacacs+.
F. Two authentication options are prescribed by the displayed aaa authentication command.
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which two statements are correct about mitigating attacks by the use of access control lists (ACLs)? (Choose two.)
A. Extended ACLs on routers should always be placed as close to the destination as possible.
B. Each ACL that is created ends with an implicit permit all statement.
C. Ensure that earlier statements in the ACL do not negate any statements that are found later in the list.
D. Denied packets should be logged by an ACL that traps informational (level 6) messages.
E. IP packets that contain the source address of any internal hosts or networks inbound to a private network should be permitted.
F. More specific ACL statements should be placed earlier in the ACL.
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Which three configuration steps must be taken to connect a DSL ATM interface to a service provider? (Choose three.)
A. Enable VPDN.
B. Configure PPPoE on the VPDN group.
C. Configure the ATM PVC.
D. Assign a VPDN group name.
E. Configure a dialer interface.
F. Configure the correct PPP encapsulation on the ATM virtual circuit.

Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
QUESTION 12

Refer to the exhibit. What is needed to complete the PPPoA configuration?
A. A static route to the ISP needs to be configured.
B. The VPDN group needs to be created.
C. The ATM PVC needs to be configured.
D. PPPoE encapsulation needs to be configured on the ATM interface.
E. PAP authentication needs to be configured.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 13

Refer to the exhibit. Which statement is correct about the MPLS configuration?
A. LDP is enabled on serial 0/1/0.
B. TDP is enabled on both interfaces.
C. MPLS traffic will be permitted on both interfaces.
D. MPLS keepalives will be sent out both interfaces.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 14
What is one benefit of AutoSecure?
A. By default, all passwords are encrypted with level 7 encryption.
B. By default, a password is enabled on all ports.
C. Command line questions are created that automate the configuration of security features.
D. A multiuser logon screen is created with different privileges assigned to each member.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Which two steps must be taken for SSH to be implemented on a router? (Choose two.)
A. Ensure that the Cisco IOS Firewall feature set is installed on the devices.
B. Ensure that the target routers are configured for AAA either locally or through a database
C. Ensure that each router is using the correct domain name for the network
D. Ensure that an ACL is configured on the VTY lines to block Telnet access
Correct Answer: BC Section: (none) Explanation
QUESTION 16
What is meant by the attack classification of “false positive” on a Cisco IPS device?
A. A signature is fired for nonmalicious traffic, benign activity.
B. A signature is not fired when offending traffic is detected.
C. A signature is correctly fired when offending traffic is detected and an alarm is generated.
D. A signature is not fired when non-offending traffic is captured and analyzed.
Correct Answer: A Section: (none) Explanation
QUESTION 17
Which two Network Time Protocol (NTP) statements are true? (Choose two.)
A. A stratum 0 time server is required for NTP operation.
B. NTP is enabled on all interfaces by default, and all interfaces receive NTP packets.
C. NTP operates on IP networks using User Datagram Protocol (UDP) port 123.
D. The ntp server global configuration is used to configure the NTP master clock to which other peers synchronize themselves.
E. The show ntp status command displays detailed association information of all NTP peers.
F. Whenever possible, configure NTP version 5 because it automatically provides authentication and encryption services.
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Which statement is true about signature-based intrusion detection?
A. It performs analysis that is based on a predefined network security policy.
B. It performs analysis that is based on known intrusive activities by matching predefined patterns in network traffic.
C. It performs analysis that is based on anomalies in packets or packet sequences. It also verifies anomalies in traffic behavior.
D. It performs analysis by intercepting the procedural calls to the operating system kernel.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 19
What are the two main features of Cisco IOS Firewall? (Choose two.)
A. TACACS+
B. AAA
C. Cisco Secure Access Control Server
D. Intrusion Prevention System
E. Authentication Proxy

Correct Answer: DE Section: (none) Explanation
QUESTION 20
What three features does Cisco Security Device Manager (SDM) offer? (Choose three.)
A. smart wizards and advanced configuration support for NAC policy features
B. single-step mitigation of Distributed Denial of Service (DDoS) attacks
C. one-step router lockdown
D. security auditing capability based upon CERT recommendations
E. multi-layered defense against social engineering
F. single-step deployment of basic and advanced policy settings

Correct Answer: ACF Section: (none) Explanation

All our Cisco products are up to date! When you buy any Cisco 642-825 product from Certpaper, as “Cisco 642-825 Questions & Answers with explanations”, you are automatically offered the Cisco 642-825 updates for a total of 90 days from the day you bought it. If you want to renew your Cisco 642-825 purchase during the period of these 90 days,your Cisco 642-825 product is renewed and you are further enabled to enjoy the free Cisco updates.